code-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted source code and PR descriptions as primary inputs (File: SKILL.md). It lacks boundary markers or input sanitization instructions. Since the workflow grants the agent the capability to 'Build, test, run locally', this creates a direct path for malicious instructions embedded in the code to achieve code execution.
- [Remote Code Execution] (HIGH): The 'Review Workflow' section instructs the agent to 'Run the code: Build, test, run locally if possible'. This is a high-risk operation because malicious codebases often use build hooks (e.g., npm postinstall, setup.py, or Makefiles) to execute arbitrary commands on the host system during the build process.
- [Unverifiable Dependencies] (MEDIUM): The skill includes the command 'pip install radon' in its Review Commands. This performs a runtime installation from a public registry without version pinning or integrity checks, exposing the environment to dependency confusion or supply chain attacks.
Recommendations
- AI detected serious security threats
Audit Metadata